VAR-201512-0382
Vulnerability from variot - Updated: 2023-12-18 13:03Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PASP) based on the caller's location. A remote attacker could exploit the vulnerability to place files anywhere on the affected device. Exploiting this issue can allow an attacker to gain read access to arbitrary files. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCuv21781. The software provides features such as real-time location tracking database and caller's location
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emergency responder",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.5\\(1.10000.5\\)"
},
{
"model": "emergency responder software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(1.10000.5)"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5(1.10000.5)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:10.5\\(1.10000.5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6406"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "78816"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6406",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-08367",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-84367",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6406",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-08367",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-289",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84367",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PASP) based on the caller\u0027s location. A remote attacker could exploit the vulnerability to place files anywhere on the affected device. \nExploiting this issue can allow an attacker to gain read access to arbitrary files. Information harvested may aid in launching further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuv21781. The software provides features such as real-time location tracking database and caller\u0027s location",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "BID",
"id": "78816"
},
{
"db": "VULHUB",
"id": "VHN-84367"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6406",
"trust": 3.4
},
{
"db": "BID",
"id": "78816",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1034384",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08367",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84367",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "BID",
"id": "78816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"id": "VAR-201512-0382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
}
]
},
"last_update_date": "2023-12-18T13:03:20.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151209-ert",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert"
},
{
"title": "Cisco Emergency Responder Tools Menu Fixes for directory traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59129"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/78816"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034384"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6406"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6406"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "BID",
"id": "78816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "BID",
"id": "78816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"date": "2015-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-84367"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78816"
},
{
"date": "2015-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"date": "2015-12-13T03:59:05.147000",
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"date": "2015-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84367"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78816"
},
{
"date": "2015-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"date": "2016-12-07T18:20:03.037000",
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Emergency Responder of Tools Directory traversal vulnerability in menu",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…